The information presented in this document was created from devices in
a specific lab environment. All of the devices used in this document started
with a cleared (default) configuration. If you are working in a live network,
ensure that you understand the potential impact of any command before using
it.

802.1Q support is important for web hosters and other service
providers who have multiple customers sharing a single device. The web hoster
can now isolate each customer's traffic on an individual VLAN, eliminating
the need for each customer to be assigned a single port. As web
traffic comes in from the Internet, the router isolates the traffic into
separate VLANs based on destination (for example, IP, port, and so on), and
trunks them together within one Gigabit port. This trunk is then passed to the
CSS11x00 for load-balancing decisions. The CSS sends the trunk to a Layer 2
(L2) device to be passed to the server farm. From the router to the servers,
the VLANs' traffic is isolated. Only two Gigabit ports were used on the CSS
11x00.

Tests have shown that the addition of 802.1Q has minimal performance
impact on the CSS 11x00 switch.

CSS 11x00 support of 802.1Q also improves its interoperability with
other Cisco devices, such as the Catalyst 6500. These two devices are the
foundation of Cisco's Content Switching Solution, Tundra, and are an integral
part of our recommended content networking solution.

Note: Prior to 802.1Q support, in order to achieve isolation between VLANs,
a L2 device could be placed between the router and the CSS. This device would
take the trunk, break out the individual VLANs, and pass traffic through
multiple connections to the CSS. Additional connections could pass the traffic
to the server farms. Traffic could be isolated, but at a higher cost and
port usage.

A web hoster has a single CSS 11x00 (and a redundant CSS for high
availability). The web hoster needs to provide support for 100 customers and
would like to minimize port usage on the CSS 11x00. This allows for
maximization of return on the CSS ports. The following diagram shows one
possible configuration that will allow this to be accomplished:

For each customer, the option can be given to isolate his or her
traffic. This means that they will be given a unique VLAN. In the example
above, www.foo.com can be isolated from www.woo.com. A new Gigabit port would
be required for every 32 customers. It is possible to mix VLANs with 802.1Q
tagging enabled and also offer an untagged VLAN. This would allow the web
hoster to offer isolated and non-isolated VLANs to the customer. The
following diagram shows how this network would look:

In this example, domains efg, ghi,
jkl, and lmn would be sharing a VLAN. This
means that all multicast traffic for any of them would be sent to all of them.
Domains foo and woo would only receive multicast traffic destined for their
domain.

The term VLAN refers to the ability to "virtualize" a Local Area
Network (LAN) using a switched architecture. The benefit of using VLANs is that
each user device can be connected to any VLAN. Rather than be defined on a
physical or geographical basis, VLANs can be defined on a logical or
organizational basis where the network can be configured via software instead
of by manually re-plugging wires. Administrators can implement VLANs and save
ports by implementing trunking. In Cisco's terminology, a trunk is a
point-to-point link carrying several VLANs. The goal of a trunk is to save
ports when creating a link between two devices implementing VLANs, typically
two switches. In the diagram below, you can see two VLANs that you want
available on two switches, Sa and Sb. The first method to implement is easy.
This method requires you to create two physical links between the devices, each
one carrying the traffic for a VLAN.

Of course, this solution does not scale. If you wanted to add a third
VLAN, you would need to sacrifice two additional ports. This design is also not
beneficial in terms of load sharing. The traffic on some VLANs may not justify
a dedicated link. A trunk will bundle virtual links over one physical link, as
shown in the following diagram:

In this diagram, the unique physical link between the two switches is
able to carry traffic for any VLAN. In order to achieve this, each frame
sent on the link is tagged by Sa so that Sb knows to which VLAN it belongs.
802.1Q uses an internal tagging mechanism. Internal means that a tag is
inserted within the frame, as shown below.

Note that on an 802.1Q trunk, one VLAN may be left untagged. This untagged
VLAN is referred to as the default VLAN. This way, you can deduce to which
VLAN a frame received without a tag belongs. The tagging mechanism implies a
modification of the frame. The trunking device inserts a 4-byte tag and
recomputes the Frame Check Sequence (FCS). See Bridging Between IEEE 802.1Q
VLANs for more information on tagging schemes.

The 802.1Q standard is more than just a tagging mechanism. It also defines
a unique spanning-tree, running on the default VLAN, for all of the VLANs in
the network.

The configuration of the CSS 11x00 with 802.1Q requires WebNS 4.10 code
or greater. This feature is supported on the Gigabit ports only (CSS11000
only). The maximum number of 802.1Q trunk ports is equal to the number of
Gigabit ports on the switch. On the CSS 11150, the maximum number of Gigabit
ports is two (on the CSS 11050 the maximum is one). On the CSS 11800, the
maximum number of Gigabit ports is 32, and the maximum number of VLANs
supported across all ports is 128 with no more than 32 on a single Gigabit
port.

This list defines the maximum number of VLANs supported by the specific
CSS models:

CSS 11501 and CSS 11503—a maximum of 256 VLANs

CSS 11506—a maximum of 512 VLANs

CSS 11050 and CSS 11150—a maximum of 16 VLANs

CSS 11800—a maximum of 128 VLANs

VLAN parameters within the CLI have been modified to allow for the
tagging functionality. The definitions have remained the same as previous
releases. The following section describes how the CLI parameters are entered.
For definitions, see the CLI Command Reference Guide.

To create a VLAN on a particular trunk, you must first attach
to the interface and then enter the VLAN that you want to associate with it.
The following example associates VLANs 2 and 3 with interface 1:

The following command, bridge
pathcost, will change the spanning-tree port pathcost on a given
interface/VLAN pair. The cost can be any integer between 1 and 65535. The
default is 0. In the following example, the pathcost is changed from 0 to 2:

To return the bridge pathcost back to 0, issue the no bridge pathcost
command.

Default-vlan command

This command has two purposes. It specifies the default VLAN to
use for frames that arrive untagged on this interface. It also specifies that
frames transmitted out this VLAN will be untagged. The default VLAN must be
explicitly set if the user wishes untagged frames to be processed, otherwise
they will be discarded. If the user wishes to discard untagged frames, the
default-vlan command should be omitted.
This command must not be defined in any other VLAN. If the user
attempts to define more than one VLAN with the
default-vlan command, the command returns an error.
To change the default VLAN, the user must first issue no
default-vlan on the old VLAN, and
default-vlan on the new VLAN.
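
The tagging step described earlier (a 4-byte tag inserted into the frame and
the FCS recomputed) and the default-vlan rule for untagged frames can be
modelled as follows. This is an added example, not code from this document or
from WebNS; the function names, the sample frame, and the choice to drop tags
for VLANs that are not configured on the trunk are assumptions.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC and recompute the FCS."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    body = frame[:-4]                   # strip the old FCS
    tci = (priority << 13) | vlan_id    # PCP (3 bits), DEI = 0, VID (12 bits)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def classify(frame, trunk_vlans, default_vlan=None):
    """Return the VLAN of a received frame, or None if it is discarded.

    Untagged frames are accepted only when a default VLAN is configured,
    as the default-vlan description on this page states. Dropping tags for
    VLANs not on the trunk is an assumption of this example.
    """
    if len(frame) < 18 or fcs(frame[:-4]) != frame[-4:]:
        return None                     # truncated or FCS mismatch
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return default_vlan             # None when no default-vlan is set
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid if vid in trunk_vlans else None


def sample_frame() -> bytes:
    """Constructed untagged IPv4 frame; MAC addresses and payload are made up."""
    dst, src = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    body = dst + src + struct.pack("!H", 0x0800) + bytes(46)
    return body + fcs(body)
```

With no default VLAN configured, classify() returns None for the untagged
sample frame, which is the discard behaviour to expect when default-vlan is
omitted on a trunk.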

The ARP command can be used to determine the hardware address
that is associated with the IP address. Modifications have been added to allow
for the additional VLAN arguments. On trunking interfaces, the ARP command is
as follows:

arp ip_address mac_address interface vlan

On non-trunking interfaces, the arp command is as follows:

arp ip_address mac_address interface

Note: If a user enters the vlan argument on a non-trunking interface, or does
not enter the vlan argument on a trunking interface, the host entry will not
appear in the IP routing table.

This section provides information on how to view the running-config
changes on the CSS 1115x.

All interfaces have a consistent prefix format. This is the case for
the CS800. The slot/port format will not change. The CSS 11150, however,
currently displays ethernet-X in some places, and simply X (a number from 1 to
16) in others. They have a common format, eX. For example, e1, e2, and e16.
This format is supported when entering commands. Also on the command side, the
ethernet-X format continues to be supported for backwards-compatibility with
older startup-configs and scripts.

show bridge status
VLAN - For interfaces that have trunking
enabled, append -X (where X is the VLAN number) to the prefix. For example,
1/3-4 means slot 1, port 3, VLAN 4. For a GE NIC port on the
CS100, e13-22 means Ethernet port 13, VLAN 22. If trunking is
not enabled (or not supported as on 10/100 Mbps ports), there is nothing
appended to the prefix.

Some show screens display aggregated data for the entire interface,
such as mon counters and
phy characteristics. These are an exception to
the second rule. Such screens always display just the prefix, for example, 1/1
(CSS 11800) or e1 (CSS 11500). The show screens that are affected by this
are show ether-errors, show
rmon, show rmon-32,
show rmon-history, show
phy, show mibii,
show mibii-32, and sho
phy.
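
The interface naming rules above (slot/port or eX, with -X appended for a VLAN
on a trunking interface, and ethernet-X accepted for older configs) can be
parsed to group VLANs by physical port and to check the 32-VLAN-per-port limit
this document gives for the CSS 11800. This is an added example, not a Cisco
tool; the function names and sample identifiers are assumptions, as is applying
the per-port limit regardless of model.

```python
import re
from collections import defaultdict

PER_PORT_MAX = 32  # page: no more than 32 VLANs on a single Gigabit port

# slot/port or eX, each with an optional -VLAN suffix, plus the legacy
# ethernet-X spelling (the page shows no VLAN suffix for that form).
_IFACE = re.compile(
    r"^(?:(?P<slot>\d+)/(?P<port>\d+)|e(?P<eport>\d+))(?:-(?P<vlan>\d+))?$"
    r"|^ethernet-(?P<legacy>\d+)$"
)


def parse_interface(text):
    """Split an identifier into (interface prefix, VLAN number or None)."""
    m = _IFACE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised interface identifier: {text!r}")
    if m["legacy"]:
        return f"e{int(m['legacy'])}", None      # normalise to the eX form
    if m["slot"]:
        prefix = f"{int(m['slot'])}/{int(m['port'])}"
    else:
        prefix = f"e{int(m['eport'])}"
    return prefix, int(m["vlan"]) if m["vlan"] else None


def vlans_by_port(identifiers):
    """Group VLAN numbers under the physical port that trunks them."""
    ports = defaultdict(set)
    for ident in identifiers:
        prefix, vlan = parse_interface(ident)
        ports[prefix]                            # record untrunked ports too
        if vlan is not None:
            ports[prefix].add(vlan)
    return {port: sorted(vlans) for port, vlans in ports.items()}


def ports_over_limit(identifiers, limit=PER_PORT_MAX):
    """Return the ports that carry more VLANs than the per-port limit."""
    grouped = vlans_by_port(identifiers)
    return [port for port, vlans in grouped.items() if len(vlans) > limit]


# Constructed identifiers in the formats the page describes.
SAMPLE = ["1/3-4", "1/3-7", "e13-22", "ethernet-2", "e1"]
```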